403 if not logged in, show error

src/controllers/api.js

@@ -12,6 +12,7 @@ var categories = require('../categories');
 var privileges = require('../privileges');
 var plugins = require('../plugins');
 var widgets = require('../widgets');
+var helpers = require('../controllers/helpers');
 var accountHelpers = require('../controllers/accounts/helpers');
 
 var apiController = {};
@@ -220,6 +221,9 @@ apiController.getObject = function(req, res, next) {
 };
 
 apiController.getCurrentUser = function(req, res, next) {
+	if (!req.uid) {
+		return helpers.notAllowed(req, res);
+	}
 	async.waterfall([
 		function(next) {
 			user.getUserField(req.uid, 'userslug', next);

src/controllers/helpers.js

@@ -3,8 +3,8 @@
 var nconf = require('nconf');
 var async = require('async');
 var validator = require('validator');
+var winston = require('winston');
 
-var translator = require('../../public/src/modules/translator');
 var categories = require('../categories');
 var plugins = require('../plugins');
 var meta = require('../meta');
@@ -17,6 +17,9 @@ helpers.notAllowed = function(req, res, error) {
 		res: res,
 		error: error
 	}, function(err, data) {
+		if (err) {
+			return winston.error(err);
+		}
 		if (req.uid) {
 			if (res.locals.isAPI) {
 				res.status(403).json({

src/middleware/middleware.js

@@ -1,32 +1,32 @@
 "use strict";
 
-var app,
+var app;
-	middleware = {
+var middleware = {
 	admin: {}
-	},
+};
-	async = require('async'),
+var async = require('async');
-	fs = require('fs'),
+var fs = require('fs');
-	path = require('path'),
+var path = require('path');
-	csrf = require('csurf'),
+var csrf = require('csurf');
-	_ = require('underscore'),
+var _ = require('underscore');
-
+
-	validator = require('validator'),
+var validator = require('validator');
-	nconf = require('nconf'),
+var nconf = require('nconf');
-	ensureLoggedIn = require('connect-ensure-login'),
+var ensureLoggedIn = require('connect-ensure-login');
-	toobusy = require('toobusy-js'),
+var toobusy = require('toobusy-js');
-
+
-	plugins = require('../plugins'),
+var plugins = require('../plugins');
-	languages = require('../languages'),
+var languages = require('../languages');
-	meta = require('../meta'),
+var meta = require('../meta');
-	user = require('../user'),
+var user = require('../user');
-	groups = require('../groups'),
+var groups = require('../groups');
-
+
-	analytics = require('../analytics'),
+var analytics = require('../analytics');
-
+
-	controllers = {
+var controllers = {
 	api: require('./../controllers/api'),
 	helpers: require('../controllers/helpers')
-	};
+};
 
 toobusy.maxLag(parseInt(meta.config.eventLoopLagThreshold, 10) || 100);
 toobusy.interval(parseInt(meta.config.eventLoopInterval, 10) || 500);
@@ -322,7 +322,7 @@ middleware.processLanguages = function(req, res, next) {
 	if (code && key) {
 		languages.get(code, key[0], function(err, language) {
 			res.status(200).json(language);
-		})
+		});
 	} else {
 		res.status(404).json('{}');
 	}